<font color="red">Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that can allow all traffic to be decrypted with a 100% success rate.</font>

'''PEAP-MSCHAPv2''' is a wireless authentication scheme used by [[Virginia Tech]] as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]]. At DefCon 20 in July 2012, an attack on MSCHAPv2 was announced that allows the protocol to be cracked quickly with a 100% success rate.<ref>[https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/]</ref> '''Use of MSCHAPv2 is strongly discouraged.'''

==Set your remote access passphrase==
Regardless of what software you use to establish your connection, you must first set your remote passphrase by going to [https://my.vt.edu my.vt.edu]→Settings→Change Network Password.

==Android==
{{Version|2.2 (Froyo) of Android}}
* From the home screen, press the menu button and choose "Settings"→"Wireless & networks"→"Wi-Fi settings".
* Remove any existing entries for {{{networks|the network you'd like to add or any conflicting network}}}.
* From the "WiFi networks" listing, click on {{{network|the network you'd like to add}}}.
* Choose PEAP as the EAP method and MSCHAPv2 as the phase two authentication mechanism.
* Enter your credentials for the identity and press "Connect".

==NetworkManager==
* In your wireless configuration program, select VT-Wireless.
* Choose PEAP as the EAP type.
* Choose MSCHAPv2 as the authentication method.
* Use your {{{identity|PID}}} and remote passphrase as your login credentials.

==wpa_supplicant==
Add the following lines to /etc/wpa_supplicant.conf:
 network={
     ssid="VT-Wireless"
     proto=WPA2
     key_mgmt=WPA-EAP
     eap=PEAP
     phase2="auth=MSCHAPV2"
     identity="your {{{identity|PID}}}"
     password="your passphrase"
     ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"
 }

==netctl==
Tested on [[Arch Linux]] with netctl 0.8 (updated on 2013-04-12).
* Create a file, '''/etc/netctl/VT-Wireless''', and place this in it:
 Description="VT-Wireless PEAP-MSCHAPv2"
 Interface=wlan0
 Connection=wireless
 Security=wpa-configsection
 IP=dhcp
 IP6=stateless
 WPAConfigSection=(
     'ssid="VT-Wireless"'
     'proto=RSN'
     'key_mgmt=WPA-EAP'
     'eap=PEAP'
     'phase2="auth=MSCHAPV2"'
     'identity="YOUR IDENTITY"'
     'password="NETWORK PASSWORD"'
     'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"'
 )
Make sure to change '''YOUR IDENTITY''' to your {{{identity|PID}}}, and '''NETWORK PASSWORD''' to your network password.
* After creating this file, change its owner to root (<code>sudo chown root:root /etc/netctl/VT-Wireless</code>) and change the permissions so that it can be read only by the owner (<code>sudo chmod 0600 /etc/netctl/VT-Wireless</code>). This ensures that the network password stored in the file cannot easily be read by others.
* To connect, type the following in a terminal:
 sudo netctl start VT-Wireless

==References==
<references/>

[[Category:HowtosWifi]]
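
==Checking a network block==
An added example, not part of the original page: a small Python audit of a wpa_supplicant <code>network={...}</code> block like the one in the wpa_supplicant section, plus the 0600 permission check from the netctl section. The finding codes, function names and the server-name check (the wpa_supplicant options <code>domain_suffix_match</code>, <code>domain_match</code>, <code>subject_match</code>, <code>altsubject_match</code>) are assumptions of this example and go beyond what the page covers.

```python
import os

# Constructed sample: the network block from the wpa_supplicant section,
# with placeholder credentials.
SAMPLE = """
network={
    ssid="VT-Wireless"
    proto=WPA2
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="PID"
    password="passphrase"
    ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"
}
"""

# wpa_supplicant options that pin the authentication server's certificate name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: raw value} dict per network={...} block."""
    blocks, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "network={":
            cur = {}
        elif line == "}" and cur is not None:
            blocks.append(cur)
            cur = None
        elif cur is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return blocks

def audit(net):
    """Return a list of finding codes (hypothetical names) for one parsed block."""
    findings = [f"unbalanced-quote:{k}" for k, v in net.items() if v.count('"') % 2]
    if "PEAP" in net.get("eap", "").upper() and "MSCHAPV2" in net.get("phase2", "").upper():
        findings.append("peap-mschapv2")         # the method this page warns against
    if "ca_cert" not in net:
        findings.append("no-ca-cert")            # server certificate is not validated
    elif not any(k in net for k in NAME_CHECKS):
        findings.append("no-server-name-check")  # any certificate under that CA is accepted
    return findings

def readable_by_others(path):
    """True if group or other has any permission bit set (the page recommends 0600)."""
    return bool(os.stat(path).st_mode & 0o077)
```

Run <code>audit()</code> on each block returned by <code>parse_networks()</code>; an empty list means none of these checks fired.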